diff --git a/go.mod b/go.mod
index d846826f..b37a07ff 100644
--- a/go.mod
+++ b/go.mod
@@ -26,6 +26,7 @@ require (
 github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/cdn v1.0.1017
 github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common v1.0.1030
 github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/ssl v1.0.992
+ github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/teo v1.0.1030
 golang.org/x/crypto v0.28.0
 k8s.io/api v0.31.1
 k8s.io/apimachinery v0.31.1
@@ -59,7 +60,6 @@ require (
 github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 // indirect
 github.com/remyoudompheng/bigfft v0.0.0-20230129092748-24d4a6f8daec // indirect
 github.com/technoweenie/multipartstreamer v1.0.1 // indirect
- github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/teo v1.0.1030 // indirect
 github.com/x448/float16 v0.8.4 // indirect
 go.mongodb.org/mongo-driver v1.12.0 // indirect
 gopkg.in/inf.v0 v0.9.1 // indirect
diff --git a/go.sum b/go.sum
index fdcb5b6f..afa71518 100644
--- a/go.sum
+++ b/go.sum
@@ -458,7 +458,6 @@ github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/cdn v1.0.1017 h1:Oymmfm
 github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/cdn v1.0.1017/go.mod h1:gnLxGXlLmF+jDqWR1/RVoF/UUwxQxomQhkc0oN7KeuI=
 github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common v1.0.992/go.mod h1:r5r4xbfxSaeR04b166HGsBa/R4U3SueirEUpXGuw+Q0=
 github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common v1.0.1002/go.mod h1:r5r4xbfxSaeR04b166HGsBa/R4U3SueirEUpXGuw+Q0=
-github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common v1.0.1017 h1:SXrldOXwgomYuATVAuz5ofpTjB+99qVELgdy5R5kMgI=
 github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common v1.0.1017/go.mod h1:r5r4xbfxSaeR04b166HGsBa/R4U3SueirEUpXGuw+Q0=
 github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common v1.0.1030 h1:kwiUoCkooUgy7iPyhEEbio7WT21kGJUeZ5JeJfb/dYk=
 github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common v1.0.1030/go.mod h1:r5r4xbfxSaeR04b166HGsBa/R4U3SueirEUpXGuw+Q0=
diff --git a/internal/deployer/deployer.go b/internal/deployer/deployer.go
index 37824cab..c00d9ff3 100644
--- a/internal/deployer/deployer.go
+++ b/internal/deployer/deployer.go
@@ -2,18 +2,16 @@ package deployer
 import (
 "context"
- "crypto/x509"
 "encoding/json"
- "encoding/pem"
 "errors"
 "fmt"
- "strings"
 "github.com/pocketbase/pocketbase/models"
 "software.sslmate.com/src/go-pkcs12"
 "github.com/usual2970/certimate/internal/applicant"
 "github.com/usual2970/certimate/internal/domain"
+ "github.com/usual2970/certimate/internal/pkg/utils/x509"
 "github.com/usual2970/certimate/internal/utils/app"
 )
@@ -41,7 +39,6 @@ const (
 type DeployerOption struct {
 DomainId string `json:"domainId"`
 Domain string `json:"domain"`
- Product string `json:"product"`
 Access string `json:"access"`
 AccessRecord *models.Record `json:"-"`
 DeployConfig domain.DeployConfig `json:"deployConfig"`
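Review bot: The import added in the first deployer.go hunk, `"github.com/usual2970/certimate/internal/pkg/utils/x509"`, takes over the package name that `crypto/x509` held in this file, so every `x509.` call now resolves to the project helper while still reading like the standard library. In certificate-handling code that ambiguity makes it harder to see which parser is used; an explicit alias on the import line, for example `x509util "github.com/usual2970/certimate/internal/pkg/utils/x509"`, would make the origin clear at the call sites.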
@@ -93,7 +90,6 @@ func getWithDeployConfig(record *models.Record, cert *applicant.Certificate, dep
 option := &DeployerOption{
 DomainId: record.Id,
 Domain: record.GetString("domain"),
- Product: getProduct(deployConfig.Type),
 Access: access.GetString("config"),
 AccessRecord: access,
 DeployConfig: deployConfig,
@@ -121,7 +117,7 @@ func getWithDeployConfig(record *models.Record, cert *applicant.Certificate, dep
 case targetAliyunNLB:
 return NewAliyunNLBDeployer(option)
 case targetTencentCDN:
- return NewTencentCDNDeployer(option)
+ return NewTencentCDNDeployer(option)
 case targetTencentECDN:
 return NewTencentECDNDeployer(option)
 case targetTencentCLB:
@@ -148,14 +144,6 @@ func getWithDeployConfig(record *models.Record, cert *applicant.Certificate, dep
 return nil, errors.New("unsupported deploy target")
 }
-func getProduct(t string) string {
- rs := strings.Split(t, "-")
- if len(rs) < 2 {
- return ""
- }
- return rs[1]
-}
-
 func toStr(tag string, data any) string {
 if data == nil {
 return tag
@@ -200,24 +188,14 @@ func getDeployVariables(conf domain.DeployConfig) map[string]string {
 }
 func convertPemToPfx(certificate string, privateKey string, password string) ([]byte, error) {
- // TODO: refactor
-
- certBlock, _ := pem.Decode([]byte(certificate))
- if certBlock == nil {
- return nil, fmt.Errorf("failed to decode pem")
- }
- cert, err := x509.ParseCertificate(certBlock.Bytes)
+ cert, err := x509.ParseCertificateFromPEM(certificate)
 if err != nil {
- return nil, fmt.Errorf("failed to parse pem: %w", err)
+ return nil, err
 }
- privkeyBlock, _ := pem.Decode([]byte(privateKey))
- if privkeyBlock == nil {
- return nil, fmt.Errorf("failed to decode pem")
- }
- privkey, err := x509.ParsePKCS1PrivateKey(privkeyBlock.Bytes)
+ privkey, err := x509.ParsePKCS1PrivateKeyFromPEM(privateKey)
 if err != nil {
- return nil, fmt.Errorf("failed to parse pem: %w", err)
+ return nil, err
 }
 pfxData, err := pkcs12.LegacyRC2.Encode(privkey, cert, nil, password)
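Review bot: `convertPemToPfx` still accepts only PKCS#1 RSA keys after the switch to `x509.ParsePKCS1PrivateKeyFromPEM(privateKey)`, so if the applicant can issue EC or PKCS#8-wrapped keys the conversion fails with a parse error that does not say the key type is unsupported. The helper file touched by this same commit already has `ParseECPrivateKeyFromPEM`, so the function could dispatch on the PEM block type, or at least state the limit in a doc comment such as `// convertPemToPfx supports only unencrypted PKCS#1 RSA private keys.` Separately, the unchanged `pkcs12.LegacyRC2.Encode` line wraps the key with the legacy PKCS#12 algorithms; if that is deliberate for compatibility with older importers, a comment saying so would help, since the PFX password is then the main protection of the private key. The function body continues past the end of the hunk.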
diff --git a/internal/pkg/utils/x509/x509.go b/internal/pkg/utils/x509/x509.go
index 09d67d3a..40cc39d6 100644
--- a/internal/pkg/utils/x509/x509.go
+++ b/internal/pkg/utils/x509/x509.go
@@ -2,6 +2,7 @@
 import (
 "crypto/ecdsa"
+ "crypto/rsa"
 "crypto/x509"
 "encoding/pem"
 "fmt"
@@ -48,7 +49,7 @@ func ParseCertificateFromPEM(certPem string) (cert *x509.Certificate, err error)
 return cert, nil
 }
-// 从 PEM 编码的私钥字符串解析并返回一个 ECDSA 私钥对象。
+// 从 PEM 编码的私钥字符串解析并返回一个 ecdsa.PrivateKey 对象。
 //
 // 入参:
 // - privkeyPem: 私钥 PEM 内容。
@@ -72,7 +73,31 @@ func ParseECPrivateKeyFromPEM(privkeyPem string) (privkey *ecdsa.PrivateKey, err
 return privkey, nil
 }
-// 将 ECDSA 私钥转换为 PEM 编码的字符串。
+// 从 PEM 编码的私钥字符串解析并返回一个 rsa.PrivateKey 对象。
+//
+// 入参:
+// - privkeyPem: 私钥 PEM 内容。
+//
+// 出参:
+// - privkey: rsa.PrivateKey 对象。
+// - err: 错误。
+func ParsePKCS1PrivateKeyFromPEM(privkeyPem string) (privkey *rsa.PrivateKey, err error) {
+ pemData := []byte(privkeyPem)
+
+ block, _ := pem.Decode(pemData)
+ if block == nil {
+ return nil, fmt.Errorf("failed to decode PEM block")
+ }
+
+ privkey, err = x509.ParsePKCS1PrivateKey(block.Bytes)
+ if err != nil {
+ return nil, fmt.Errorf("failed to parse private key: %w", err)
+ }
+
+ return privkey, nil
+}
+
+// 将 ecdsa.PrivateKey 对象转换为 PEM 编码的字符串。
 //
 // 入参:
 // - privkey: ecdsa.PrivateKey 对象。
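Review bot: `ParsePKCS1PrivateKeyFromPEM` hands `block.Bytes` to `x509.ParsePKCS1PrivateKey` without checking `block.Type`, so a PKCS#8 `PRIVATE KEY`, an `EC PRIVATE KEY` or a passphrase-encrypted block surfaces only as a generic parse failure, and any data after the first PEM block is silently ignored. A type check before parsing would give callers an actionable error: `if block.Type != "RSA PRIVATE KEY" { return nil, fmt.Errorf("unexpected PEM block type %q", block.Type) }`. The doc comment on the new function could also state that only unencrypted PKCS#1 keys are accepted.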